Launchpad.net

CVE 2016-4834

modules/Users/actions/Save.php in Vtiger CRM 6.4.0 and earlier does not properly restrict user-save actions, which allows remote authenticated users to create or modify user accounts via unspecified vectors.

See the CVE page on Mitre.org for more details.

References